[Catalyst] Re: Suppressing passwords in debug messages
Tomas Doran
bobtfish at bobtfish.net
Thu Jan 29 20:53:20 GMT 2009
On 29 Jan 2009, at 18:53, Byron Young wrote:
> Hi - I'm not sure what the repost policy on patches is, but I have the
> feeling this one slipped through the cracks. Let me know if it's
> generally annoying to repost stuff.
No, reposting if things get dropped on the floor is good :)
If you have time, then arriving on #catalyst-dev and making noise
also gets stuff done.
> This is a patch that allows you to suppress printing the value of
> certain query or body parameters when running Catalyst in debug
> mode - For example, if you want to hide passwords sent from the
> login page, you can put this in your app config (yaml):
Having been discussed in #catalyst-dev, we think that the patch could
be made both more generic, and more elegant.
The key thing is to split the table drawing, and the data filtering
into separate methods (maybe filter_debug_data?).
This would then allow you to filter per-type, and support things such
as redact_parameters (all), redact_body_parameters,
redact_query_parameters, and even potentially to add support for
filtering things like the URI (I can see use-cases where that'd be
significant - e.g. not wanting to log session IDs which are in URIs).
Have a look at the way the debug screen stuff works (in
Catalyst::Engine), this is more elegant and would also benefit from
being able to have things redacted I guess - as with the current
patch, you're going to display the things you're redacting in the
logs to the end user...
Cheers
t0m
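
The split suggested in the message above (filtering in one method, table drawing in another), written out as an added example that is not part of the original message, the posted patch, or Catalyst itself. The `redact_*` keys and `filter_debug_data` follow the names floated in the thread; `redact_uri_parameters`, `filter_debug_uri` and `draw_debug_table` are hypothetical names introduced here.

```perl
use strict;
use warnings;

# Hypothetical config: key names follow the thread's suggestions and are
# not an existing Catalyst API. redact_uri_parameters is made up here.
my %config = (
    redact_parameters       => ['password'],       # applies to every type
    redact_body_parameters  => ['card_number'],
    redact_query_parameters => ['token'],
    redact_uri_parameters   => ['sid'],
);

# Filtering step: returns a redacted copy, never modifies the request data.
sub filter_debug_data {
    my ($type, $data) = @_;                         # $type: 'body' or 'query'
    my %redact = map { $_ => 1 }
        @{ $config{redact_parameters} || [] },
        @{ $config{"redact_${type}_parameters"} || [] };
    my %copy;
    for my $key (keys %$data) {
        my $value = $data->{$key};
        $value = join(', ', @$value) if ref($value) eq 'ARRAY';  # multi-valued
        $copy{$key} = $redact{$key} ? '(redacted)' : $value;
    }
    return \%copy;
}

# Same idea for a URI: mask named query-string values such as session IDs.
sub filter_debug_uri {
    my ($uri) = @_;
    for my $name (@{ $config{redact_uri_parameters} || [] }) {
        $uri =~ s/([?&;]\Q$name\E=)[^&;#]*/${1}(redacted)/g;
    }
    return $uri;
}

# Drawing step: only ever sees data that has already been filtered.
sub draw_debug_table {
    my ($title, $data) = @_;
    return join "\n", $title,
        map { sprintf '  %-12s %s', $_, $data->{$_} } sort keys %$data;
}

# Constructed sample request data.
my %body  = (username => 'alice', password => 'hunter2', card_number => '4111111111111111');
my %query = (page => 2, token => 'abc123');
print draw_debug_table('Body Parameters',  filter_debug_data(body  => \%body)),  "\n";
print draw_debug_table('Query Parameters', filter_debug_data(query => \%query)), "\n";
print filter_debug_uri('http://localhost:3000/account?sid=deadbeef&page=2'), "\n";
```

Because the drawing routine receives only the filtered copy, the same `filter_debug_data` output can feed both the log and any on-screen debug view without a second redaction pass.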